CVE-2024-3400

NVD Published Date: April 12, 2024 at 08:15 AM
NVD Last Modified: May 29, 2024 at 04:00 PM
Vulnerability ID: CVE-2024-3400
Severity: CRITICAL
Severity Score: 10.0
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Mitigation and Patches: -
Exploits

https://www.exploit-db.com/exploits/51996

https://github.com/h4x0r-dz/CVE-2024-3400

https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

https://github.com/0x0d3ad/CVE-2024-3400

https://github.com/ihebski/CVE-2024-3400

https://github.com/momika233/CVE-2024-3400

https://github.com/Chocapikk/CVE-2024-3400

https://github.com/Yuvvi01/CVE-2024-3400

https://github.com/ak1t4/CVE-2024-3400

https://github.com/AdaniKamal/CVE-2024-3400

https://github.com/schooldropout1337/CVE-2024-3400

https://github.com/zam89/CVE-2024-3400-pot

https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection

https://unit42.paloaltonetworks.com/cve-2024-3400/

https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_telemetry_cmd_exec.rb

https://github.com/W01fh4cker/CVE-2024-3400-RCE

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400

Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID: CWE-77
